PT-2026-6920 · Unknown+1 · Webuploader+1
St1Tch
·
Publicado
2026-02-07
·
Atualizado
2026-03-05
·
CVE-2026-2113
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
yuan1994 tpadmin versions up to 1.3.12
Description
A security issue exists in yuan1994 tpadmin up to version 1.3.12. The issue is related to deserialization within the WebUploader component, specifically in the file
/public/static/admin/lib/webuploader/0.1.5/server/preview.php. This can be exploited remotely. The exploit for this issue has been publicly disclosed. This vulnerability affects products that are no longer supported by the maintainer.Recommendations
Versions prior to 1.3.12 should not be used.
Exploit
Correção
Deserialization of Untrusted Data
Unrestricted File Upload
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Webuploader
Ftp Admin